package security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.Assert;

public class UserPwdCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter{

	protected UserPwdCodeAuthenticationFilter() {
		super("/j_spring_security_check");
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request,
			HttpServletResponse response) throws AuthenticationException,
			IOException, ServletException {
		if(!request.getMethod().equals("POST")) {
			throw new AuthenticationServiceException(new StringBuffer().append("Authenticaiton Not Support Method : ").append(request.getMethod()).toString());
		}
		
		String username = obtainUsername(request);
		String password  = obtainPassword(request);
		
		if(null == username) {
			username = "";
		}
		if(null == password) {
			password = "";
		}
		username = username.trim();
		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
		
		setDetails(request, authRequest);
		Authentication auth = null;
//		try {
			auth = getAuthenticationManager().authenticate(authRequest);
//		} catch(AuthenticationException e) {
//			e.printStackTrace();
//		}
		if(auth.isAuthenticated()) {
			request.getSession().setAttribute("userName", username);
		}
		return auth;
	}

	protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest)
    {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
	
	protected String obtainPassword(HttpServletRequest request)
    {
        return request.getParameter(SPRING_SECURITY_FORM_PASSWORD_KEY);
    }

    protected String obtainUsername(HttpServletRequest request)
    {
        return request.getParameter(SPRING_SECURITY_FORM_USERNAME_KEY);
    }
    
    protected String obtainSessionValidateCode(HttpSession session) {  
        Object obj = session.getAttribute(SPRING_SECURITY_FORM_VERIFYCODE_KEY);  
        return null == obj ? "" : obj.toString();  
    }  
    
    private String obtainValidateCodeParameter(HttpServletRequest request) {  
        Object obj = request.getParameter(SPRING_SECURITY_FORM_VERIFYCODE_KEY);  
        return null == obj ? "" : obj.toString();  
    }  

	
	public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
	public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String SPRING_SECURITY_FORM_VERIFYCODE_KEY = "j_verifycode";
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";

}
